Gemini CEO Tony Ayaz Discusses Situational Awareness (Podcast)

Gemini the Analyst PlatformSituational awareness, simply put, is to know what’s going on around you. Humans are good at filtering out noises, voices, lights, smells, and any sensory combination. However, you have to remain vigilant about your surroundings. Don’t allow your screens to distract you to the point of unawareness.

GeminiPreston and I briefly speak with Tony Ayaz, CEO of Gemini, about cybersecurity situational awareness. We discuss what situational awareness is and what it means, or should mean, to you as an individual. Preston and I will actually speak more on this in a future one-on-one podcast.

The U. S. Coast Guard definition of situational awareness:

Situational Awareness is the ability to identify, process,
and comprehend the critical elements of information about
what is happening to the team with regards to the mission.
More simply, it’s knowing what is going on around you.

Podcast details:

Length: 12:08 minutes. Format: MP3. Rating: G for all audiences.

You can engage Preston on Twitter at: @siggrapher and myself at: @kenhess.

We welcome comments and feedback.

2017 Cybersecurity Resolutions (Podcast)

ResolutionsAs promised on our 2017 Topics List, January is for cybersecurity resolutions. This podcast features Preston and me discussing a short list of cybersecurity awareness topics for personal and for business use. Staying secure in everything you do is very important. We can’t stress too much the importance of using very strong passwords, doing some regular housekeeping, being smart about opening email attachments, and protecting yourself from cyberstalkers who want to compromise your accounts and your identities.

RoseRock Cafe & BakeryWe decided to try something different today and record our podcast at a little cafe that’s inside our favorite bookstore; The RoseRock Cafe* on South Mingo Road. The recommended choice is the Reuben sandwich on marbled rye bread, which is excellent, by the way.

The only problem with recording in public is that you’re subjected to random sounds, like the phone in the background that seems to ring and ring and ring. I know that the bookstore is staffed well enough that someone could have picked up. But that’s why we chose the cafe setting because we wanted those ambient sounds. Plus, there’s something ironic about discussing a security topic in a public place.

Podcast details:

Length: 10:29 minutes. Format: MP3. Rating: G for all audiences.

This short podcast has a lot of good information in it about how to protect yourself. Over the coming weeks and months, Preston and I will return to public places to discuss cybersecurity and maybe even conduct a few impromptu interviews along the way.

#SecurityNOW #SecurityResolutions2017

*RoseRock Cafe & Bakery is not a SecurityNOW show sponsor, but they were kind enough to allow us to record our show there.

Interview with Cybersecurity Forensic Expert Simon Smith (Podcast)

eVestigator Simon SmithIt’s not often you get to talk to a real cybersecurity expert. Simon is an expert programmer, cyberforensics expert, and a security maven. Recently he exposed a criminal who used a VPN (Secure, private connection to the Internet) who thought he’d gotten away. Simon’s investigative abilities proved otherwise. Simon owns eVestigator, a company that specializes in helping victims of hacks, breaches, and other cybercrimes. He’s the real deal and has the track record to prove it. Just look at the list of his certifications and diplomas. He also has solved more than 350 cybersecurity and cybercrime cases.

During this podcast, we discussed the role of artificial intelligence in cybersecurity and the human element, its removal, and its requirement.

Preston and I were glad to speak to Simon and hope to have him back on the show to discuss other hot security topics.

Podcast details:

Length: 23:31 minutes. Format: MP3. Rating: G for all audiences.

Preston and I want to remind you to stay secure.

#SecurityNOW

Hacked and Don’t Know It with Infocyte Founder Chris Gerritz (Podcast)

InfocytePreston and I had the pleasure of speaking with Infocyte founder Chris Gerritz about how companies can actually be hacked and not know it. It’s shocking to think that a company and its resources can be exposed for three, six, or more months and never have a clue. In fact, new reports tell us that your company probably has been hacked already, whether or not you have safeguards in place. Infocyte’s HUNT product searches for and finds malware infections.

Companies need to take the threat of compromise seriously. Anti-virus and anti-malware software isn’t enough nor is it always effective.

It’s clear that current real-time security processes are simply ineffective at detecting post-compromise activity, especially as time passes after the initial breach.

Infocyte HUNT approaches threat detection from a completely new perspective – by presuming endpoints are already compromised. It provides an easy-to-use, yet powerful solution to limit risk and manage the breach detection gap by enabling an organization’s own IT and security professionals to proactively discover malware and persistent threats, active or dormant, that have successfully evaded existing defenses and established a beachhead within the network.

Infocyte HUNTAdvanced persistent threats (APTs), hackers, malware, viruses, phishing schemes, and over-the-network hacks are a constant and a continuous threat. The only way to know if you’ve been hacked is with a thorough search for rootkits, Trojan horses, viruses, and other malware infections and signs of hacking.

In this 19 minute podcast, Chris Gerritz gives you an overview of the problem and his Infocyte HUNT product as a solution to finding threats on your network.

Podcast details:

Length: 19:10 minutes. Format: MP3. Rating: G for all audiences.

Remember to stay secure.

Please retweet us and tell everyone you know about the SecurityNOW show. #SecurityNOW

The State of NoSQL Database Hacks with Cryptzone’s Jason Garbis (Podcast)

CryptzoneOn January 6, I received a notice that over 10,000 MongoDB databases have been deleted by various groups of hackers over the last few days, confirming today’s security models are broken. I was shocked and wanted to investigate further, so I connected with Cryptzone for comment and scheduled a podcast interview with Jason Garbis, CISSP and VP of Products at Cryptzone.

By the time we connected for the podcast, more than 30,000 NoSQL databases had been compromised, had their data deleted or stolen, and in many cases, ransoms demanded.

To combat this, Cryptzone has rolled out the latest version of its Software Defined Perimeter offering, AppGate. AppGate transforms network security, employing an “authenticate first, connect second” approach.

Jason’s notes about the MongoDB and other NoSQL database attacks:

“Attacks – such as those against NoSQL databases, are exceptionally damaging but frustratingly they’re also preventable.”

“Exposing any system to the ‘Internet Cesspit’ is fundamentally a bad idea. All systems have weaknesses – whether it’s a vulnerability, poor configuration or inadequate controls. It’s far too easy for an attacker to use Shodan (a powerful search engine) to discover and then violate them.”

“Rather than putting all of their systems in the shop window, particularly one that doesn’t even have any glass to protect it, companies must wake up to the realization that a new approach to network security is required. Taking an identity-centric approach, so one that only permits authorized users to access resources, would effectively brick up the window to anyone that doesn’t know its there, locking the attackers out and rendering their malware impotent.”

Preston and I interviewed Jason about these recent exploits and found that the solution to the problem is very simple, but obviously overlooked.

Podcast details: Length: 17:59 minutes. Format: MP3. Rating: G for all audiences.

Think about the security of any data that’s exposed directly to the Internet or that’s exposed via web application. Setup two-factor authentication as an added measure against data exploitation.

Looking at Intent-based Security and Rethinking Application Security with Twistlock CEO Ben Bernstein (Podcast)

twistlock

Preston and I interviewed Twistlock CEO Ben Bernstein about his company’s approach to container-based security from a new perspective known as intent-based security, which also has us rethinking application security. Ben gives us an overview of intent-based security and a detailed explanation of why a new perspective is important to application security.

  1. Ben’s concept of intentbased security is evolving not only the way organizations build applications as DevOps adoption, and with it container adoption, continues to rise, but also rethinking the approach to application security to address fundamental application intent issues
  2. Why it is so difficult for IT, security and dev teams to look at an app and deduce intent
  3. Why attacks on the application layer are harder to detect than the network layer and more difficult to contain
  4. How to effectively add security to a container-based implementation of DevOps

Podcast details: Length – 20:55 minutes. MP3 format. G rating for all audiences.

Get your own copy of the ebook mentioned in the podcast, “How to Securely Configure a Linux Host to Run Containers“.

As discussed in the podcast, don’t assume anything about security for your container hosts or your containers. Container hosts must be thoughtfully secured, because if someone compromises your host; he owns your containers. Securing applications and their containers requires more than cursory security tests. You must build your applications with security in mind and you must also securely build your containers for those applications.

What’s Your Cyber Promiscuity Score? Find Out With NetWatcher (Podcast)

NetWatcherI had a good discussion with NetWatcher CEO, Scott Suhy, who described NetWatcher’s Cyber Promiscuity Score and how it will help your company identify its security vulnerabilities. Security vulnerabilities range from poor passwords to users who are susceptible to social engineering to systems that lack updated patches. Scott Suhy and NetWatcher offer free software to assess your Cyber Promiscuity for a single system. To assess your entire network is very affordable ($300/month) and $37.00 per phone support call. Listen to the podcast to learn more.

Podcast details:

Format: MP3     Length: 22:13 mins.      Rating: G.

Scott Suhy, NetWatcher CEO
Scott Suhy, NetWatcher CEO

Through continuous network security monitoring, NetWatcher serves as a 24/7 watchdog for your data and network. Our team of cyber security experts monitor your network and provide the managed security services you need to grow your business.

NetWatcher’s founders have a vision that every small and medium size enterprise should have access to the same cyber security protection that the Fortune 1000 have at their disposal.  The NetWatcher team believes that cyber security protection should be easy to install, easy to use, easy to understand, highly accurate and affordable for any size organization.